Denial of Service Vulnerability in Siemens SIMATIC Products
CVE-2018-4843

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic S7-400 Cpu 414-3 Pn/dp V7; Simatic S7-400 Cpu 414f-3 Pn/dp V7; Simatic S7-400 Cpu 416-3 Pn/dp V7; Simatic S7-400 Cpu 416f-3 Pn/dp V7
Vendor: CVE Published:; 20 March 2018

Summary

A security issue exists within certain Siemens SIMATIC products that allows an attacker on the same Ethernet segment to exploit the vulnerability by sending a specifically crafted PROFINET DCP packet. This action may lead to a denial of service condition for the requesting device, necessitating a manual restart to restore normal operation. Organizations utilizing affected products should evaluate their systems for potential exposure and implement necessary mitigations to protect against exploitation.

Affected Version(s)

SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions < V7.0.3

SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions < V7.0.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59200...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2018
Vulnerability Reserved
Jan 2, 2018